Google's Project Zero team has made public details of an improperly patched zero-day security vulnerability in Windows print spooler API that could be leveraged by a bad actor to execute arbitrary code. Details of the unpatched flaw were revealed publicly after Microsoft failed to patch it within 90 days of responsible disclosure on September 24. Originally tracked as … [Read more...] about Google Discloses Poorly-Patched, Now Unpatched, Windows 0-Day Bug
windows
Windows 10, iOS, Chrome, Firefox and Others Hacked at Tianfu Cup Competition
Multiple software products from Adobe, Apple, Google, Microsoft, Mozilla, and Samsung were successfully pwned with previously unseen exploits in Tianfu Cup 2020, the third edition of the international cybersecurity contest held in the city of Chengdu, China. "Many mature and hard targets have been pwned on this year's contest," the event organizers said. "11 out of 16 targets … [Read more...] about Windows 10, iOS, Chrome, Firefox and Others Hacked at Tianfu Cup Competition
Google Discloses Windows Zero-Day Bug Exploited in the Wild
Google has disclosed details of a new zero-day privilege escalation flaw in the Windows operating system that's being actively exploited in the wild. The elevation of privileges (EoP) vulnerability, tracked as CVE-2020-17087, concerns a buffer overflow present since at least Windows 7 in the Windows Kernel Cryptography Driver ("cng.sys") that can be exploited for a sandbox … [Read more...] about Google Discloses Windows Zero-Day Bug Exploited in the Wild
Windows GravityRAT Malware Now Also Targets macOS and Android Devices
A Windows-based remote access Trojan believed to be designed by Pakistani hacker groups to infiltrate computers and steal users' data has resurfaced after a two-year span with retooled capabilities to target Android and macOS devices. According to cybersecurity firm Kaspersky, the malware — dubbed "GravityRAT" — now masquerades as legitimate Android and macOS apps to capture … [Read more...] about Windows GravityRAT Malware Now Also Targets macOS and Android Devices
Microsoft Releases Patches For Critical Windows TCP/IP and Other Bugs
Microsoft on Tuesday issued fixes for 87 newly discovered security vulnerabilities as part of its October 2020 Patch Tuesday, including two critical remote code execution (RCE) flaws in Windows TCP/IP stack and Microsoft Outlook. The flaws, 11 of which are categorized as Critical, 75 are ranked Important, and one is classified Moderate in severity, affect Windows, Office and … [Read more...] about Microsoft Releases Patches For Critical Windows TCP/IP and Other Bugs
Microsoft Windows XP Source Code Reportedly Leaked Online
Microsoft's long-lived operating system Windows XP—that still powers over 1% of all laptops and desktop computers worldwide—has had its source code leaked online, allegedly, along with Windows Server 2003. Yes, you heard that right. The source code for Microsoft's 19-year-old operating system was published as a torrent file on notorious bulletin board website 4chan, and it's … [Read more...] about Microsoft Windows XP Source Code Reportedly Leaked Online
Cisco Jabber Bug Could Let Hackers Target Windows Systems Remotely
Networking equipment maker Cisco has released a new version of its Jabber video conferencing and messaging app for Windows that includes patches for multiple vulnerabilities—which, if exploited, could allow an authenticated, remote attacker to execute arbitrary code.The flaws, which were uncovered by Norwegian cybersecurity firm Watchcom during a pentest, affect all currently … [Read more...] about Cisco Jabber Bug Could Let Hackers Target Windows Systems Remotely
Microsoft Issues Emergency Security Updates for Windows 8.1 and Server 2012 R2
Microsoft has issued an emergency out-of-band software update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 systems to patch two new recently disclosed security vulnerabilities.Tracked as CVE-2020-1530 and CVE-2020-1537, both flaws reside in the Remote Access Service (RAS) in a way it manages memory and file operations and could let remote attackers gain elevated … [Read more...] about Microsoft Issues Emergency Security Updates for Windows 8.1 and Server 2012 R2
Microsoft Reveals New Innocent Ways Windows Users Can Get Hacked
Microsoft earlier today released its August 2020 batch of software security updates for all supported versions of its Windows operating systems and other products.This month's Patch Tuesday updates address a total of 120 newly discovered software vulnerabilities, of which 17 are critical, and the rest are important in severity.In a nutshell, your Windows computer can be hacked … [Read more...] about Microsoft Reveals New Innocent Ways Windows Users Can Get Hacked
Critical GRUB2 Bootloader Bug Affects Billions of Linux and Windows Systems
A team of cybersecurity researchers today disclosed details of a new high-risk vulnerability affecting billions of devices worldwide—including servers and workstations, laptops, desktops, and IoT systems running nearly any Linux distribution or Windows system.Dubbed 'BootHole' and tracked as CVE-2020-10713, the reported vulnerability resides in the GRUB2 bootloader, which, if … [Read more...] about Critical GRUB2 Bootloader Bug Affects Billions of Linux and Windows Systems